[Mar 07, 2022] 1z0-997-21 Exam Dumps, 1z0-997-21 Practice Test Questions
NEW QUESTION 15
A telecom company has an application running in Oracle Cloud Infrastructure (OCI) Germany Central (eu-frankfurt-1) region. They want to configure Disaster Recovery (DR) site in the OCI UK South (uk-london-1) region. Which is the most cost effective option to help set up application and persistence layers in the DR site?
- A. Application layer: configure Traffic Management steering policy with Load Balancing policy between servers in eu-frankfurt-1 and uk-london-1 regions.
Persistence layer: set up policy to schedule cross-region automated backups of block volumes between eu-frankfurt-1 and uk-london-1 regions.
- B. Application layer: configure events service rule in eu-frankfurt-1 region to filter Health Checks event failure and route traffic to uk-london-1 region in the event of a disaster.
Persistence layer: set up policy to schedule cross-region automated backups of block volumes between eu-frankfurt-1 and uk-london-1 regions.
- C. Application layer: Set up a public load balancer in the eu-frankfurt-1 region. Create a backend set with instances running in both eu-frankfurt-1 and uk-london-1 regions.
Persistence layer: Set up OCI Object Storage replication from eu-frankfurt-1 region to uk-london-1 region.
- D. Application layer: configure Traffic Management steering policy with Failover policy between servers in eu-frankfurt-1 and uk-london-1 regions.
Persistence layer: set up policy to schedule cross-region automated backups of file systems in File Storage service between eu-frankfurt-1 and uk-london-1 regions.
Answer: A
NEW QUESTION 16
Given this compartment structure:
You want to move a compute instance that is in 'Compute' compartment to 'SysTes-Team'.
You log in to your Oracle Cloud Infrastructure (OCI) account and use the 'Move Resource' option.
What will happen when you attempt moving the compute resource?
- A. The move will be successful though Compute Instance and its Public and Private IP address will stay the same. The Compute instance VNIC will need to be moved separately. The Compute instance will still be associated with the original VCN.
- B. The move will be successful though Compute Instance and its Public and Private IP address will stay the same. The Compute instance VNIC will still be associated with the original VCN.
- C. The move will fail and you will be prompted to move the VCN first. Once VCN is moved to the target compartment, the Compute instance can be moved.
- D. The move will be successful though Compute Instance Public and Private IP address changed, and it will be associated to the VCN in target compartment.
Answer: B
Explanation:
Moving Resources to a Different Compartment
Most resources can be moved after they are created. There are a few resources that you can't move from one compartment to another. Some resources have attached resource dependencies and some don't.
Not all attached dependencies behave the same way when the parent resource moves.
For some resources, the attached dependencies move with the parent resource to the new compartment.
The parent resource moves immediately, but in some cases attached dependencies move asynchronously and are not visible in the new compartment until the move is complete.
For other resources, the attached resource dependencies do not move to the new compartment. You can move these attached resources independently.
You can move Compute resources such as instances, instance pools, and custom images from one compartment to another. When you move a Compute resource to a new compartment, associated resources such as boot volumes and VNICs are not moved.
You can move a VCN from one compartment to another. When you move a VCN, its associated VNICs, private IPs, and ephemeral IPs move with it to the new compartment.
NEW QUESTION 17
A retail company has several on-premises data centers which span multiple geographical locations. They plan to move some of their applications from on-premises data centers to Oracle Cloud Infrastructure (OCI). For these applications running in OCI, they still need to interact with applications running on their on-premises data centers. These applications require highly available, fault-tolerant network connections between on-premises data centers and OCI.
Which option should you recommend to provide the highest level of redundancy?
- A. Use FastConnect private peering only to ensure secure access from your data center to Oracle Cloud Infrastructure
- B. If your data centers span multiple geographical locations, use only the specific IP address as a static route for the specific geographical location
- C. Set up both IPSec VPN and FastConnect to connect your on-premises data centers to Oracle Cloud Infrastructure.
- D. Set up a single IPSec VPN connection from your data center to Oracle Cloud Infrastructure since it is cost effective
- E. Oracle Cloud Infrastructure provides network redundancy by default so that no other operations are required
Answer: B
Explanation:
If your data centers span multiple geographical locations, we recommend using a broad CIDR (0.0.0.0/0) as a static route in addition to the CIDR of the specific geographical location. This broad CIDR provides high availability and flexibility to your network design. For instance, the following diagram shows two networks in separate geographical areas that each connect to Oracle Cloud Infrastructure. Each area has a single on-premises router, so two IPSec VPN connections can be created. Note that each IPSec VPN connection has two static routes: one for the CIDR of the particular geographical area, and a broad 0.0.0.0/0 static route.
NEW QUESTION 18
A customer is in the process of shifting their web-based Sales application from their own data center located in US West to the OCI India West (Mumbai) region. They want to do it in a controlled manner, and initially only 1% of the traffic will be steered to the servers in OCI. After verifying that everything is working as expected, the company plans to gradually increase the ratio until they are comfortable with fully migrating all traffic to OCI.
Which of the following solutions can be used in this situation?
- A. OCI DNS and OCI Load Balancer Service
- B. OCI DNS and Traffic Management with Geolocation Steering policy
- C. OCI DNS and Traffic Management with Failover Steering policy
- D. OCI DNS and Traffic Management with Load Balancer Steering policy
Answer: B
Explanation:
Steering policies are a framework to define the traffic management behavior for your zones. Steering policies contain rules that help to intelligently serve DNS answers.
FAILOVER
Failover policies allow you to prioritize the order in which you want answers served in a policy (for example, Primary and Secondary). Oracle Cloud Infrastructure Health Checks are leveraged to determine the health of answers in the policy. If the Primary Answer is determined to be unhealthy, DNS traffic will automatically be steered to the Secondary Answer.
LOAD_BALANCE
Load Balancer policies allow distribution of traffic across multiple endpoints. Endpoints can be assigned equal weights to distribute traffic evenly across the endpoints or custom weights may be assigned for ratio load balancing. Oracle Cloud Infrastructure Health Checks are leveraged to determine the health of the endpoint. DNS traffic will be automatically distributed to the other endpoints, if an endpoint is determined to be unhealthy.
ROUTE_BY_GEO
Geolocation-based steering policies distribute DNS traffic to different endpoints based on the location of the end user. Customers can define geographic regions composed of originating continent, countries or states/provinces (North America) and define a separate endpoint or set of endpoints for each region.
ROUTE_BY_ASN
ASN-based steering policies enable you to steer DNS traffic based on Autonomous System Numbers (ASN).
DNS queries originating from a specific ASN or set of ASNs can be steered to a specified endpoint.
ROUTE_BY_IP
IP Prefix-based steering policies enable customers to steer DNS traffic based on the IP Prefix of the originating query.
NEW QUESTION 19
Which of the below options is true regarding Oracle Cloud Infrastructure's load balancing service?
- A. The public load balancer applies a floating public IP address to the primary load balancer.
- B. A public load balancer is Availability Domain specific in scope.
- C. You can dynamically change the load balancer shape to handle more incoming traffic.
- D. When you create a private load balancer, the service requires 2 or more subnets to host both the primary and standby load balancers.
Answer: A
NEW QUESTION 20
An insurance company is storing critical financial data in an OCI block volume. This volume is currently encrypted using Oracle-managed keys. Due to regulatory compliance, the customer wants to encrypt the data using keys that they can control and not keys that are controlled by Oracle.
Which of the following series of tasks is required to encrypt the block volume using customer-managed keys?
- A. Create a vault, create a master encryption key in the vault, assign this master encryption key to the block volume
- B. Create a master encryption key, create a data encryption key, decrypt the block volume using existing Oracle-managed keys, encrypt the block volume using the data encryption key
- C. Create a vault, import your master encryption key into the vault, generate data encryption key, assign data encryption key to the block volume
- D. Create a master encryption key, create a new version of the encryption key, decrypt the block volume using existing Oracle-managed keys and encrypt using new version of the encryption key
Answer: A
Explanation:
Oracle Cloud Infrastructure Vault lets you centrally manage the encryption keys that protect your data and the secret credentials that you use to securely access resources. You can use the Vault service to create and manage the following resources:
- Vaults
- Keys
- Secrets
Vaults securely store master encryption keys and secrets that you might otherwise store in configuration files or in code.
The Vault service lets you create vaults in your tenancy as containers for encryption keys and secrets. If needed, a virtual private vault provides you with a dedicated partition in a hardware security module (HSM), offering a level of storage isolation for encryption keys that's effectively equivalent to a virtual independent HSM.
NEW QUESTION 21
You have been asked to implement a bespoke financial application in Oracle Cloud Infrastructure using virtual machine instances controlled by Autoscaling across multiple Availability Domains. The application stores transaction logs, intermediate transaction data, and audit data and needs to store this on a persistent, durable data store accessible from all of the application servers. The application requires the file system to be mounted in the /audit folder on the Linux file system. The system needs to tolerate the failure of two or more Fault Domains and still maintain data integrity. The solution should be as low maintenance as possible.
What storage architecture should you suggest?
- A. Use File Storage Service (FSS). Configure FSS to operate from all Availability Domains the application servers operate in and mount the file system in the /audit folder.
- B. Implement a single instance and install an NFS server, configure and create an NFS share, and mount this as /audit on the application instances.
- C. Use locally attached NVMe instances and configure RAID 0 replication between servers.
- D. Store the data on Oracle Object Storage mounted at the /audit mount point on all the Linux instances using the default mount options.
Answer: A
NEW QUESTION 22
All three Data Guard configurations are fully supported on Oracle Cloud Infrastructure (OCI). You want to deploy a maximum availability architecture (MAA) for a database workload.
Which option should you consider while designing your Data Guard configuration to ensure the best RTO and RPO without causing any data loss?
- A. Configure "Maximum Scalability" mode which provides the highest level of scalability without compromising the availability of the primary database.
- B. Configure "Maximum Protection" mode which provides zero data loss if the primary database fails.
- C. Configure "Maximum Performance" mode in SYNC mode between two availability domains (same region) which provides the highest level of data protection that is possible without affecting the performance of the primary database.
- D. Configure "Maximum Availability" mode in SYNC mode between two availability domains (same region), and use the Maximum Availability mode in SYNC mode between two regions.
Answer: D
Explanation:
https://docs.cloud.oracle.com/en-us/iaas/Content/Resources/Assets/whitepapers/best-practices-for-dr-on-oci.pdf
All three Data Guard configurations are fully supported on Oracle Cloud Infrastructure. However, because of a high risk of production outage, we don't recommend using the maximum protection mode for your Data Guard configuration.
We recommend using the maximum availability mode in SYNC mode between two availability domains (same region), and using the maximum availability mode in ASYNC mode between two regions. This architecture provides you the best RTO and RPO without causing any data loss. We recommend building this architecture in daisy-chain mode: the primary database ships redo logs to the first standby database in another availability domain in SYNC mode, and then the first standby database ships the redo logs to another region in ASYNC mode. This method ensures that your primary database is not doing the double work of shipping redo logs, which can cause performance impact on a production workload.
This configuration offers the following benefits:
- No data loss within a region.
- No overhead on the production database to maintain standbys in another region.
- Option to configure lagging on the DR site if needed for business reasons.
- Option to configure multiple standbys in different regions without any additional overhead on the production database. A typical use case is a CDN application.
NEW QUESTION 23
A manufacturing company is planning to migrate their on-premises database to OCI and has hired you for the migration. The customer has provided the following information regarding their existing on-premises database:
Database version, host operating system and version, database character set, storage for data staging, acceptable length of system outage.
What additional information do you need from the customer in order to recommend a suitable migration method? (Choose two.)
- A. Elapsed time since database was last patched
- B. Number of active connections
- C. On-premises host operating system and version
- D. Top 5 longest running queries
- E. Data types used in the on-premises database
Answer: C,E
Explanation:
Not all migration methods apply to all migration scenarios. Many of the migration methods apply only if specific characteristics of the source and destination databases match or are compatible. Moreover, additional factors can affect which method you choose for your migration from among the methods that are technically applicable to your migration scenario.
Some of the characteristics and factors to consider when choosing a migration method are:
- On-premises database version
- Database service database version
- On-premises host operating system and version
- On-premises database character set
- Quantity of data, including indexes
- Data types used in the on-premises database
- Storage for data staging
- Acceptable length of system outage
- Network bandwidth
NEW QUESTION 24
You are part of a project team working in the development environment created in Oracle Cloud Infrastructure (OCI). You realize that the CIDR block specified for one of the subnets in a Virtual Cloud Network (VCN) is not correct and want to delete the subnet. While deleting you get an error indicating that there are still resources that you must delete first. The error includes the OCID of the VNIC that is in the subnet.
Which of the following actions will you take to troubleshoot this issue?
- A. Use OCI CLI to call "network vnic" and "compute vnic-attachment" operations to find out the parent resource of the VNIC.
- B. Use OCI CLI to delete the subnet using -force option.
- C. Use OCI CLI to delete the VNIC first and then delete the subnet.
- D. Copy and paste OCID of the VNIC in the search box of the OCI Console to find out the parent resource of the VNIC.
Answer: A
NEW QUESTION 25
You are working for a travel company and your travel portal application is a collection of microservices that run on Oracle Cloud Infrastructure Container Engine for Kubernetes. As per the recent security overview, you have noticed that Oracle has published a newer image of the Operating System used by the worker nodes. You want to make sure that your application doesn't face any downtime but at the same time the worker nodes get upgraded to the latest version of the Operating System.
What should you do to get this upgrade done without application downtime? (Choose the best answer.)
- A. 1. Run kubectl cordon <node name> against all the worker nodes in the old pool to stop any new application pods to get scheduled 2. Run kubectl drain <node name> --delete-local-data --force --ignore-daemonsets to evict any Pods that are running 3. Download the patches for the new Operating System image 4. Patch the worker nodes to the latest Operating System image
- B. 1. Shutdown the worker nodes 2. Create a new node pool 3. Manually schedule the pods on the newly built node pool
- C. 1. Create a new node pool using the latest available Operating System image 2. Run kubectl taint nodes --all node-role.kubernetes.io/master- 3. Delete the old node pool
- D. 1. Create a new node pool using the latest available Operating System image. 2. Run kubectl cordon <node name> against all the worker nodes in the old pool to stop any new application pods to get scheduled 3. Run kubectl drain <node name> --delete-local-data --force --ignore-daemonsets to evict any Pods that are running 4. Delete the old node pool
Answer: D
Explanation:
https://docs.cloud.oracle.com/en-us/iaas/Content/ContEng/Tasks/contengupgradingk8sworkernode.htm
NEW QUESTION 26
A hospital in Austin has hosted its web-based medical records portal entirely in Oracle Cloud Infrastructure (OCI), using Compute instances for its web tier and a DB system database for its data tier. To validate compliance with the Health Insurance Portability and Accountability Act (HIPAA), a security professional checked their systems and found that there are a lot of unauthorized requests coming from a set of IP addresses originating from a country in Southeast Asia.
Which option can mitigate this type of attack?
- A. Mitigate the attack by changing the Route Table to redirect the unauthorized traffic to a dummy Compute instance
- B. Block the attacking IP address by implementing an OCI Web Application Firewall policy using Access Control Rules
- C. Block the attacking IP address by creating a Network Security Group rule to deny access to the Compute instance where the web server is running
- D. Block the attacking IP address by creating a Security List rule to deny access to the subnet where the web server is running
Answer: B
Explanation:
WAF can protect any internet facing endpoint, providing consistent rule enforcement across a customer's applications.
WAF provides you with the ability to create and manage rules for internet threats including Cross-Site Scripting (XSS), SQL Injection and other OWASP-defined vulnerabilities. Unwanted bots can be mitigated while tactically allowing desirable bots to enter. Access rules can limit based on geography or the signature of the request.
As a WAF administrator you can define explicit actions for requests that meet various conditions. Conditions use various operations and regular expressions. A rule action can be set to log and allow, detect, or block requests.
NEW QUESTION 27
A civil engineering company is running an online portal in which engineers can upload their construction photos, videos, and other digital files.
There is a new requirement for you to implement: the online portal must offload the digital content to an Object Storage bucket for a period of 72 hours. After the provided time limit has elapsed, the portal will hold all the digital content locally and wait for the next offload period.
Which option fulfills this requirement?
- A. Create a pre-authenticated URL for each object that is uploaded to the Object Storage bucket with an expiration of 72 hours.
- B. Create a pre-authenticated URL for the entire Object Storage bucket to read and list the content with an expiration of 72 hours.
- C. Create a Dynamic Group with matching rule for the portal compute instance and grant access to the Object Storage bucket for 72 hours.
- D. Create a pre-authenticated URL for the entire Object Storage bucket to write content with an expiration of 72 hours.
Answer: D
Explanation:
Pre-authenticated requests provide a way to let users access a bucket or an object without having their own credentials, as long as the request creator has permission to access those objects.
For example, you can create a request that lets operations support user upload backups to a bucket without owning API keys. Or, you can create a request that lets a business partner update shared data in a bucket without owning API keys.
When creating a pre-authenticated request, you have the following options:
You can specify the name of a bucket that a pre-authenticated request user has write access to and can upload one or more objects to.
You can specify the name of an object that a pre-authenticated request user can read from, write to, or read from and write to.
Scope and Constraints
Understand the following scope and constraints regarding pre-authenticated requests:
Users can't list bucket contents.
You can create an unlimited number of pre-authenticated requests.
There is no time limit to the expiration date that you can set.
You can't edit a pre-authenticated request. If you want to change user access options in response to changing requirements, you must create a new pre-authenticated request.
The target and actions for a pre-authenticated request are based on the creator's permissions. The request is not, however, bound to the creator's account login credentials. If the creator's login credentials change, a pre-authenticated request is not affected.
You cannot delete a bucket that has a pre-authenticated request associated with that bucket or with an object in that bucket.
NEW QUESTION 28
A cloud consultant is working on an implementation project on OCI. As part of the compliance requirements, the objects placed in Object Storage should be automatically archived first and then deleted. He is testing a Lifecycle Policy on Object Storage and created a policy as below:
[
  { "name": "Archive_doc", "action": "ARCHIVE", "objectNameFilter": { "inclusionPrefixes": [ "doc" ] },
    "timeAmount": 5, "timeunit": "DAYS", "isEnabled": true },
  { "name": "Delete_doc", "action": "DELETE", "objectNameFilter": { "inclusionPrefixes": [ "doc" ] },
    "timeAmount": 5, "timeunit": "DAYS", "isEnabled": true }
]
What will happen after this policy is applied?
- A. All the objects having file extension ".doc" will be archived 5 days after object creation
- B. All the objects having file extension ".doc" will be archived for 5 days and will be deleted 10 days after object creation
- C. All objects with names starting with "doc" will be deleted after 5 days of object creation
- D. All the objects with names starting with "doc" will be archived 5 days after object creation and will be deleted 5 days after archival
Answer: C
Explanation:
Object Lifecycle Management works by defining rules that instruct Object Storage to archive or delete objects on your behalf within a given bucket. A bucket's lifecycle rules are collectively known as an object lifecycle policy.
You can use a rule to either archive or delete objects and specify the number of days until the specified action is taken.
A rule that deletes an object always takes priority over a rule that would archive that same object.
NEW QUESTION 29
You are currently working for a public health care company based in the United States. Their existing patient records run in an on-premises data center and the customer is sending tape backups offsite as part of their recovery planning.
You have developed an alternative archival solution using Oracle Cloud Infrastructure (OCI) that will save the company a significant amount of money on a yearly basis. The solution involves storing data in an OCI Object Storage bucket. After reviewing your solution with the customer's global compliance (GRC) team, they have highlighted the following security requirements:
* All data less than 1 year old must be accessible within 2 hours.
* All data must be retained for at least 10 years and be accessible within 48 hours
* All data must be encrypted at rest
* No data may be transmitted across the public Internet
Which two options meet the requirements outlined by the customer GRC team?
- A. Create an OCI Object Storage Standard tier bucket. Configure a lifecycle policy to archive any object that is older than 365 days
- B. Provision a FastConnect link to the closest OCI region and configure a public peering virtual circuit
- C. Create an OCI Object Storage Standard tier bucket. Configure a lifecycle policy to delete any object that is older than 7 years
- D. Create a VPN connection between your on premises data center and OCI. Create a Virtual Cloud Network (VCN) along with an OCI Service Gateway for OCI Object Storage.
- E. Provision a FastConnect link to the closest OCI region and configure a private peering virtual circuit.
Answer: A,B
Explanation:
The Oracle Services Network is a conceptual network in Oracle Cloud Infrastructure that is reserved for Oracle services. These services have public IP addresses that you typically reach over the internet. However, you can access the Oracle Services Network without the traffic going over the internet. There are different ways, depending on which of your hosts need the access:
Hosts in your on-premises network:
- Private access through a VCN with FastConnect private peering or VPN Connect: The on-premises hosts use private IP addresses and reach the Oracle Services Network by way of the VCN and the VCN's service gateway.
- Public access with FastConnect public peering: The on-premises hosts use public IP addresses.
FastConnect public peering: To access public services in Oracle Cloud Infrastructure without using the internet. For example, Object Storage, the Oracle Cloud Infrastructure Console and APIs, or public load balancers in your VCN. Communication across the connection is with IPv4 public IP addresses. Without FastConnect, the traffic destined for public IP addresses would be routed over the internet. With FastConnect, that traffic goes over your private physical connection.
So Answer 4 will be the best answer that meets the customer requirement. A service gateway lets your virtual cloud network (VCN) privately access specific Oracle services without exposing the data to the public internet. No internet gateway or NAT is required to reach those specific services. The resources in the VCN can be in a private subnet and use only private IP addresses. The traffic from the VCN to the Oracle service travels over the Oracle network fabric and never traverses the internet.
Object Lifecycle Management lets you automatically manage the archiving and deletion of objects. By using Object Lifecycle Management to manage your Object Storage and Archive Storage data, you can reduce your storage costs and the amount of time you spend managing data.
NEW QUESTION 30
You work for a large bank where security and compliance are critical. As part of the security overview meeting, your company decided to minimize the installation of local tools on your laptop. You have been running Ansible and kubectl to spin up Oracle Container Engine for Kubernetes (OKE) clusters and deployed your application.
For authentication, you are using an Oracle Cloud Infrastructure (OCI) CLI config file that contains OCIDs, Fingerprint, and a locally stored PEM file. Your security team doesn't want you to store any local API key and certificate, or any other local tools.
Which two actions should you perform to spin up the OKE cluster and interact with it? (Choose two.)
- A. Create a developer workstation on OCI. Install Ansible and kubectl on it. Use instance principal to authenticate against OCI API and create the OKE Cluster.
- B. Work on OCI Cloud Shell to use built-in Ansible and kubectl to deploy the OKE cluster. Bring in your own config file and certificate to authenticate against OCI API.
- C. Develop your own code using OCI SDK to deploy the OKE cluster.
- D. Work on OCI Cloud Shell to use built-in Ansible and kubectl to deploy the OKE cluster. Use OCI_CLI_AUTH=instance_obo_user environment variable to authenticate using built-in token.
- E. Create a developer workstation on OCI. Install Ansible and kubectl on it. Use resource principal to authenticate against OCI API and create the OKE Cluster.
Answer: A,D
Explanation:
https://docs.cloud.oracle.com/en-us/iaas/tools/oci-cli/2.12.4/oci_cli_docs/oci.html